1. Technical Field
Embodiments of the present disclosure generally relate to financial transactions and more particularly to secure financial transactions initiated from an electronic device.
2. Related Art
“Contactless technology” refers to short distance communications between two devices that are not physically connected. A wide variety of “contactless technology” exists today. Near Field Communication (NFC) is a specific type of “contactless technology” that is of high importance to Mobile Network Operators (MNOs) and to Service Providers (SP), for example, banks. NFC is a short-range high frequency wireless communication technology that enables the exchange of data between devices typically over about a 10 centimeter (or about 4 inch) distance, thus providing a fast, simple and secure way for a user to experience a range of contactless services with a mobile device.
Wireless mobile devices that include an NFC device and a smart card, which may use an RFID for identification purposes, allow a person to make financial transactions, such as purchasing a retail item. Typically, a consumer waves or taps the wireless mobile NFC device on a reader to effect a monetary transfer, and a price of the item is deducted from a total amount that is available and stored on the smart card of the wireless mobile device. Optionally, the amount of the item may be forwarded to a server that can identify the identification code of the particular device and subsequently charge the person for the purchase of the retail item. Such NFC-based point of sale (POS) transactions provide advantages such as eliminating the need to carry cash and enabling a faster financial transaction.
In addition to NFC based POS payments, there are several prevalent models of payments in the mobile industry including Short Message Service (SMS), a communications protocol that allows the interchange of short text messages between mobile devices, and Mobile Internet-based payments, by which customers search for and purchase products and services through electronic communications with online merchants over electronic networks such as the Internet. In this regard, individual customers may frequently engage in transactions with a variety of merchants through, for example, various merchant websites. A credit card may be used for making payments over the Internet. A disadvantage of credit card usage is that online merchants may be exposed to high fraud costs and “chargeback fees,” bearing liability because there is no credit card signature with an online sale.
Using mobile devices, for example personal electronic devices, to make financial transactions involving a transfer of funds from an SP to a vendor via an MNO network using SMS, NFC at the POS and Mobile Internet-based transactions create security issues or problems. For example, such methods involve credit card/financial instrument information, a user name and a password flowing through the network. In addition, a user may, at different times, use several different payment applications for different Service Providers. To the extent that each payment application has its own, separate security registration and verification procedures, the user experience may be cumbersome in that a user must separately load and run separate dedicated applications, each of which must be separately registered and verified for making secure financial transactions. Moreover, the security of each of these applications may be compromised by viruses, Trojans, key loggers and the like since the applications and their security information may be resident on the same data storage element. Moreover, unique biometric identifying information, for example a thumb or finger-print read from a biometric reader on the device, may be captured by any of the several applications loaded on the device. Additional security measures may be desirable to enable more secure Service Provider/Vendor financial transactions over a network or networks.
Mobile payment services using SMS communication may be insecure or use cumbersome security measures. For example, one method involves using an interactive voice response (IVR) call to call back for a PIN. This approach, used for example in PayPal Mobile 1.x, may result in a less-than-optimal user experience for users who may not want to be burdened with entering the PIN. Other approaches involve key management in the software and/or downloading client applications (e.g. interfaces available from kryptext.co.uk and Fortress SMS).